phishing - Security Ticks

Old file types, new tricks: Attackers turn everyday files into weapons

cybersecurity, HP, Malware, News, phishing, report, threats / SecurityTicks

Old file types, new tricks: Attackers turn everyday files into weapons 2025-09-17 at 07:44 By Anamarija Pogorelec Attackers are finding new ways to blend in with everyday business tools, hiding their activity inside formats and processes that workers and IT teams often trust. The latest quarterly Threat Insights Report from HP Wolf Security shows how […]

React to this headline:

Old file types, new tricks: Attackers turn everyday files into weapons Read More »

Fake npm 2FA reset email led to compromise of popular code packages

account hijacking, Acumen Cyber, Aikido Security, Don't miss, GitHub, Hot stuff, JavaScript, News, Node.js, phishing, ReversingLabs, Sonatype, supply chain compromise / SecurityTicks

Fake npm 2FA reset email led to compromise of popular code packages 2025-09-09 at 16:51 By Zeljka Zorz Malicious versions of at least 18 widely used npm packages were uploaded to the npm Registry on Monday, following the compromise of their maintainer’s account. “The packages were updated to contain a piece of code that would

React to this headline:

Fake npm 2FA reset email led to compromise of popular code packages Read More »

Ransomware Losses Climb as AI Pushes Phishing to New Heights

cyber insurance, phishing, Ransomware, Threat Intelligence / SecurityTicks

Ransomware Losses Climb as AI Pushes Phishing to New Heights 2025-09-09 at 16:39 By Kevin Townsend Based on real-world insurance claims, Resilience’s midyear report shows vendor risk is declining but costly, ransomware is evolving with triple extortion, and social engineering attacks are accelerating through AI. The post Ransomware Losses Climb as AI Pushes Phishing to

React to this headline:

Ransomware Losses Climb as AI Pushes Phishing to New Heights Read More »

Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms

backdoor, Check Point, Don't miss, Heroku, Hot stuff, manufacturing sector, News, phishing / SecurityTicks

Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms 2025-08-29 at 14:19 By Zeljka Zorz A recently uncovered phishing campaign – carefully designed to bypass security defenses and avoid detection by its intended victims – is targeting firms in industrial manufacturing and other companies critical to various supply chains, Check Point

React to this headline:

Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms Read More »

Hackers Weaponize Trust with AI-Crafted Emails to Deploy ScreenConnect

AI, Artificial Intelligence, phishing / SecurityTicks

Hackers Weaponize Trust with AI-Crafted Emails to Deploy ScreenConnect 2025-08-27 at 20:01 By Kevin Townsend AI-powered phishing attacks leverage ConnectWise ScreenConnect for remote access, underscoring their sophistication. The post Hackers Weaponize Trust with AI-Crafted Emails to Deploy ScreenConnect appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this

React to this headline:

Hackers Weaponize Trust with AI-Crafted Emails to Deploy ScreenConnect Read More »

What CISOs can learn from Doppel’s new AI-driven social engineering simulation

Artificial Intelligence, automation, CISO, cybersecurity, Don't miss, Doppel, legacy technology, News, phishing, social engineering / SecurityTicks

What CISOs can learn from Doppel’s new AI-driven social engineering simulation 2025-08-27 at 07:51 By Sinisa Markovic Doppel has introduced a new product called Doppel Simulation, which expands its platform for defending against social engineering. The tool uses autonomous AI agents to create multi-channel simulations that mirror how attackers operate across email, SMS, messaging apps,

React to this headline:

What CISOs can learn from Doppel’s new AI-driven social engineering simulation Read More »

URL-based threats become a go-to tactic for cybercriminals

cybercrime, cybersecurity, News, phishing, Proofpoint, report, survey / SecurityTicks

URL-based threats become a go-to tactic for cybercriminals 2025-08-21 at 07:34 By Help Net Security Cybercriminals are using advanced social engineering and AI-generated content to make malicious URLs difficult for users to identify, according to Proofpoint. Whether through email, text messages, or collaboration apps, URL-based threats now dominate the cyber threat landscape. Attackers are not

React to this headline:

URL-based threats become a go-to tactic for cybercriminals Read More »

Cybercriminals are getting personal, and it’s working

BEC scams, cybercriminals, email security, News, phishing, VIPRE Security / SecurityTicks

Cybercriminals are getting personal, and it’s working 2025-08-07 at 09:15 By Help Net Security Cybercriminals are deploying unidentifiable phishing kits (58% of phishing sites) to propagate malicious campaigns at scale, indicating a trend towards custom-made or obfuscated deployments, according to VIPRE Security. These phishing kits can’t easily be reverse-engineered, tracked, or caught. AI makes them

React to this headline:

Cybercriminals are getting personal, and it’s working Read More »

UK Student Sentenced to Prison for Selling Phishing Kits

cybercrime, Ollie Holman, phishing, sentenced, UK / SecurityTicks

UK Student Sentenced to Prison for Selling Phishing Kits 2025-07-25 at 16:19 By Ionut Arghire Ollie Holman was sentenced to prison for selling over 1,000 phishing kits that caused estimated losses of over $134 million. The post UK Student Sentenced to Prison for Selling Phishing Kits appeared first on SecurityWeek. This article is an excerpt

React to this headline:

UK Student Sentenced to Prison for Selling Phishing Kits Read More »

High-Value NPM Developers Compromised in New Phishing Campaign

NPM, phishing, supply chain, Supply Chain Security / SecurityTicks

High-Value NPM Developers Compromised in New Phishing Campaign 2025-07-24 at 14:22 By Ionut Arghire Hackers have injected malware into popular NPM packages after compromising several developer accounts in a fresh phishing campaign. The post High-Value NPM Developers Compromised in New Phishing Campaign appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

High-Value NPM Developers Compromised in New Phishing Campaign Read More »

Phishing campaign targets U.S. Department of Education’s G5 portal

BforeAI, cybercrime, Don't miss, Government, News, phishing, scams, USA / SecurityTicks

Phishing campaign targets U.S. Department of Education’s G5 portal 2025-07-23 at 13:04 By Anamarija Pogorelec A new phishing campaign is targeting users of the U.S. Department of Education’s G5 portal, a site used by educational institutions and vendors to manage grants and federal education funding. Threat researchers at BforeAI uncovered a cluster of lookalike domains

React to this headline:

Phishing campaign targets U.S. Department of Education’s G5 portal Read More »

Phishing simulations: What works and what doesn’t

cybersecurity, Don't miss, Ironscales, News, phishing, strategy / SecurityTicks

Phishing simulations: What works and what doesn’t 2025-07-23 at 08:31 By Sinisa Markovic Phishing is one of the oldest and most effective scams used by cybercriminals. No one is immune to them, not even internet security experts, as seen in the case of Troy Hunt, who recently fell for a phishing email. Before AI became

React to this headline:

Phishing simulations: What works and what doesn’t Read More »

Thirteen Romanians Arrested for Phishing the UK’s Tax Service

cybercrime, phishing, Romania, Tracking & Law Enforcement / SecurityTicks

Thirteen Romanians Arrested for Phishing the UK’s Tax Service 2025-07-14 at 05:16 By Mike Lennon Investigators from HMRC joined more than 100 Romanian police officers to arrest the 13 Romanian suspects in the counties of Ilfov, Giurgiu and Calarasi. The post Thirteen Romanians Arrested for Phishing the UK’s Tax Service appeared first on SecurityWeek. This

React to this headline:

Thirteen Romanians Arrested for Phishing the UK’s Tax Service Read More »

You can’t trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code

Artificial Intelligence, cyber risk, Don't miss, Hot stuff, LLMs, Malware, Netcraft, News, phishing / SecurityTicks

You can’t trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code 2025-07-03 at 16:03 By Zeljka Zorz Popular AI chatbots powered by large language models (LLMs) often fail to provide accurate information on any topic, but researchers expect threat actors to ramp up their efforts to get them to spew

React to this headline:

You can’t trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code Read More »

Microsoft 365 Direct Send Abused for Phishing

Direct Send, email security, Microsoft 365, phishing / SecurityTicks

Microsoft 365 Direct Send Abused for Phishing 2025-06-27 at 11:08 By Ionut Arghire Hackers are abusing the Microsoft 365 Direct Send feature to deliver phishing emails that bypass email security controls. The post Microsoft 365 Direct Send Abused for Phishing appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Microsoft 365 Direct Send Abused for Phishing Read More »

ClickFix attacks skyrocketing more than 500%

attacks, authentication, cybercrime, cybersecurity, Don't miss, ESET, News, phishing, research, scams / SecurityTicks

ClickFix attacks skyrocketing more than 500% 2025-06-26 at 12:02 By Sinisa Markovic ClickFix, a deceptive attack method, saw a surge of more than 500% in the first half of 2025, making it the second most common attack vector after phishing, according to ESET’s latest Threat Report. The report, which looks at trends from December 2024

React to this headline:

ClickFix attacks skyrocketing more than 500% Read More »

Using AI to outsmart AI-driven phishing scams

Artificial Intelligence, CISO, cybercrime, News, phishing, strategy / SecurityTicks

Using AI to outsmart AI-driven phishing scams 2025-05-30 at 08:32 By Sinisa Markovic Phishing scams used to be filled with awkward wording and obvious grammar mistakes. Not anymore. AI is now making it harder to distinguish what is real. According to Cofense, email-based scams surged 70% year over year, driven by AI’s ability to automate

React to this headline:

Using AI to outsmart AI-driven phishing scams Read More »

GitHub becomes go-to platform for malware delivery across Europe

cybercrime, Europe, generative AI, GitHub, Netskope, News, phishing, report, survey / SecurityTicks

GitHub becomes go-to platform for malware delivery across Europe 2025-05-28 at 07:32 By Help Net Security Phishing has become the go-to method for attackers looking to get past security controls and access sensitive environments in Europe, according to Netskope. Users are now constantly dealing with phishing attempts, which have become so common and credible that

React to this headline:

GitHub becomes go-to platform for malware delivery across Europe Read More »

Russian Government Hackers Caught Buying Passwords from Cybercriminals

Data Breaches, Microsoft, Nation-State, NATO, phishing, Russia, Ukraine, Void Blizzard / SecurityTicks

Russian Government Hackers Caught Buying Passwords from Cybercriminals 2025-05-27 at 18:01 By Ryan Naraine Microsoft flags a new Kremlin hacking team buying stolen usernames and passwords from infostealer markets for use in cyberespionage attacks. The post Russian Government Hackers Caught Buying Passwords from Cybercriminals appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Russian Government Hackers Caught Buying Passwords from Cybercriminals Read More »

Microsoft, Dutch security agencies lift veil on Laundry Bear cyber espionage group

account hijacking, cyber espionage, Don't miss, EU, Government, government-backed attacks, Hot stuff, Microsoft, NATO, News, phishing / SecurityTicks

Microsoft, Dutch security agencies lift veil on Laundry Bear cyber espionage group 2025-05-27 at 17:02 By Zeljka Zorz The Dutch intelligence and security services have identified a new Russia-affiliated threat group that has been breaching government organizations and commercial entities in Europe and North America, and they dubbed it Laundry Bear. “Compared to some other

React to this headline:

Microsoft, Dutch security agencies lift veil on Laundry Bear cyber espionage group Read More »